CVE-2024-10834

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-10834

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10834.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10834

Published

2025-03-20T10:15:20.753Z

Modified

2026-04-10T05:18:22.902960Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. This vulnerability can be exploited by setting the doc_file.filename to an absolute path, which can lead to overwriting system files or creating new SSH-key entries.

References

https://huntr.com/bounties/0d598508-151a-4050-9ccd-31bb82955e7a

Affected packages

Git / github.com/eosphoros-ai/db-gpt

Affected ranges

Type

GIT

Repo

https://github.com/eosphoros-ai/db-gpt

Events

Introduced

Last affected

b34295562924046c229f0fd424ac3c7b54b7ecc8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.6.0"
        }
    ]
}

Affected versions

0.*

0.4.1

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4-alpha

v0.0.5-beta

v0.0.6

v0.0.7

v0.1.0

v0.1.1

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.5.0

v0.5.1

v0.5.10

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10834.json"